Every organisation has experienced, or will experience, a cyber security incident; depending on what you define the term as, most organisations have multiple every day. Increasingly punitive data protection regulation (such as the GDPR’s ability to fine organisations up to 4% of global turnover for data breaches) coupled with increasing…

How to assess and improve your cyber incident response plans — One of the biggest predictors of an organisation’s response to a cyber security incident is the quality of its cyber incident response plan. An effective plan can be a guide-rail for an experienced team, and a lifeline to the less experienced. …

A malware analysis walkthrough — Summary This blog post analyses a Portable Executable file first identified as being submitted by a user in Libya in 2011 to VirusTotal, identified by targeted searches to identify malware potentially linked to the Libyan Civil War. My analysis identified that the file is highly likely a variant of the Delphi-based…

Assessing possible links between the Russian state and destructive “criminal” cyber attacks — At the end of November, a tweet rapidly made its way around the cyber security community, claiming to show evidence a number of prominent human-operated ransomware groups were “directly connected with the Russian government”. Regardless of the contents of this tweet, I don’t think there is enough evidence to…

Hacking for Gaddafi — The Libyan Electronic Army (LEA) was a hacking group operating during the First Libyan Civil War in support of, and directed by, the then-ruling Gaddafi regime. This post explores the history and capabilities of the LEA. Emergence of the LEA Small groups of pro-government hacking groups emerged in Libya during the 2000s at the…

10 things I learned from Radical Candor — Kim Scott’s great book “Radical Candor” really impacted my view of leadership and management in business. Her core message is that managers (or leaders, bosses, etc) need to both care personally about the people they work with, and be prepared to challenge them directly. …

Taking clear action in the first few hours of a crisis to minimise future risk — Incident response is hard, and the hardest part can often be in the first few hours where chaos reigns supreme and nobody really knows what’s going on or what they should be doing. Follow the seven steps for immediate incident response to provide clear direction, take appropriate action, and lay…

Understanding cyber operations in the hermit kingdom — The vast majority of North Korean hacking, or offensive computer network operations (CNO), comes directly under the control of the North Korean military. Formally known as the Korean People’s Army, or KPA, North Korea’s military is formed of five branches: the Ground Force, the Navy, the Air Force, the Strategic…

This blog post analyses a really common cryptocurrency scam that has been widely reported on, and presents a number of open source intelligence tools that can be used to investigate such a scam. …